Items Tagged with "Passwords"

F-Secure posted a nice April Fool's day article that was so subtle it slipped into several security news feeds unnoticed. While the article itself may be just a fun prank, readers would be wise not to let the sardonic wit overshadow the important message about password security...

Passwords are the bane of the security community. We are forced to rely on them, while knowing they’re only as secure as our operating systems, which can be compromised by spyware and malware. There are a number of common techniques used to crack passwords...

For those searching for password storage systems, there is no shortage of helpful and even free programs. There is also no shortage of documents explaining why or how to create strong passwords. However, what I noticed in most documents and even programs is their lack of creativity...

The crackers are using automated tools that scan for valid ssh logins using a username list. The sites and names that come up can be processed again, checking for weak passwords or brute force vulnerabilities. The tools and method are not new, but the number of attacks seems much higher lately...

I ran into the 'getvncpw' meterpreter script issue on pentests in the past but didn't know much about the whacked out version of DES that RFB (the VNC protocol) was using. Not being a fan of manually editing a binary and compiling each time, I had a password to crack I wanted to find another way...

Network administrators may be conducting their own personal risk assessments in the course of their daily duties. They may be weighing factors such as performance pay incentives, the thoroughness of security audits, and time constraints when deciding what is or is not a priority...

You have to be sharp to see through a social engineering attack. The challenge is to retain that sharpness while in the midst of multiple tasks. Most of the time, the attacker will take advantage of a busy receptionist, a chaotic office, or tired staff when they try their dastardly deed...

Take a look at the authentication scheme from a 360-degree view and see if the strong authentication 2-factor provides extends to all platforms (mobile device? HTML-only?) If not, then your account is protected by the lowest common denominator, for most sites that's a simple username and password...

Passwords are the bane of every system administrator’s existence. Policies are created to secure organizations, but when enforced they cause people to have trouble coming up with the multitude of passwords necessary. As a result, people use the same passwords in multiple places...

The burden of so many complex passwords is too high, especially if the user believes the odds of their credentials being stolen are small. Advice on choosing strong passwords and never re-using them is rejected as a poor cost/benefit tradeoff. No wonder users have bad password practices...

Brute force, even though it's gotten so fast, is still a long way away from cracking long complex passwords. That's were word lists come in handy. It's usually the crackers first go-to solution, slam a word list against the hash, if that doesn't work, try rainbow tables..

iPhone passwords may not be as secure as one might believe. According to German security researchers from the Fraunhofer Institute Secure Information Technology (Fraunhofer SIT), if you have physical access to the phone, passwords can be recovered from a locked Apple iPhone in six minutes...

"Starting Thursday all Google users can choose to turn on a so-called 'two-factor authentication' feature, which will require them to type in a special, short-lived second password in addition to their normal password to get into their account..."

Consumers know that leaving their Wi-Fi network open is not good, but the reality is that many have not taken the steps to protect themselves. Consumers can activate Wi-Fi security protections in a few simple steps, but much like the seatbelts in your car, it won't protect you unless you use it...

Conferences are more than just going to interesting talks, meeting people, and attending after-parties. Sometimes, if the conferences is really a gem - like ShmooCon - you actually learn something. After attending this year's conference, I think it relevant to share my thoughts...

Facebook has made steady progress in their efforts to offer better security, but it remains the responsibility of account holders to make sure they are utilizing all of the security features. One allows members to monitor their profile for any unauthorized access to their Facebook account...